How Browsers' Explanations Impact Misconceptions About Private

Total Page:16

File Type:pdf, Size:1020Kb

How Browsers' Explanations Impact Misconceptions About Private Your Secrets Are Safe: How Browsers’ Explanations Impact Misconceptions About Private Browsing Mode Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acary, Sascha Fahly, Blase Ur University of Chicago, yLeibniz University Hannover {yuxiwu,panyagupta,weim,blase}@uchicago.edu, {acar,fahl}@sec.uni-hannover.de ABSTRACT the history bar, auto-filled forms, or search suggestions. Private All major web browsers include a private browsing mode that does modes thus help users hide browsing sessions from people sharing not store browsing history, cookies, or temporary files across brows- a device with them. ing sessions. Unfortunately, users have misconceptions about what While these private modes aim not to save user data locally, this mode does. Many factors likely contribute to these misconcep- many threats to privacy are outside their scope. For example, pri- tions. In this paper, we focus on browsers’ disclosures, or their in- vate mode does not aim to prevent tracking over the network. While browser explanations of private browsing mode. In a 460-participant browser cookies do not persist across private browsing sessions, online study, each participant saw one of 13 different disclosures this is a minor barrier to tracking by third-party advertising and (the desktop and mobile disclosures of six popular browsers, plus a analytics companies, who can employ more sophisticated finger- control). Based on the disclosure they saw, participants answered printing techniques [14, 17]. Furthermore, implementations are questions about what would happen in twenty browsing scenarios imperfect, often leaving some traces of local activity [1, 36, 47]. capturing previously documented misconceptions. We found that Despite the limited protections private modes provide, some browsers’ disclosures fail to correct the majority of the misconcep- users overestimate these protections [13, 20]. This overestimation tions we tested. These misconceptions included beliefs that private reaches far; Eric Schmidt, former CEO of Google, once stated, “If browsing mode would prevent geolocation, advertisements, viruses, you’re concerned, for whatever reason, you do not wish to be and tracking by both the websites visited and the network provider. tracked by federal and state authorities, my strong recommendation Furthermore, participants who saw certain disclosures were more is to use incognito mode, and that’s what people do” [38]. likely to have misconceptions about private browsing’s impact on In this paper, we take initial steps toward unpacking these mis- targeted advertising, the persistence of lists of downloaded files, conceptions by conducting a user study of how browsers’ own and tracking by ISPs, employers, and governments. explanations of private mode impact users’ understanding of what these modes do. Browsers differ in how they explain private mode; CCS CONCEPTS even the mode’s name differs (e.g., “Incognito Mode” in Chrome, “InPrivate” in Edge, and “Private Browsing Mode” in Firefox). We • Security and privacy → Usability in security and privacy; focus on the disclosure, or full-page explanation browsers present Browser security; when users open a new window in private mode (the catch-all term KEYWORDS we use across browsers). Notably, disclosures often differ between a given browser’s desktop and mobile versions. Private browsing, Web browser privacy, Usable privacy, User study, We conducted a between-subjects online study in which 460 par- Incognito mode, Private browsing mode ticipants each saw one of 13 different disclosures (the desktop and ACM Reference Format: mobile disclosures of six popular browsers, plus a control disclosure) Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acary, Sascha Fahly, Blase rebranded for a hypothetical new browser. Participants answered Ur. 2018. Your Secrets Are Safe: How Browsers’ Explanations Impact Mis- questions about what would happen in twenty different browsing conceptions About Private Browsing Mode. In WWW 2018: The 2018 Web scenarios. In some of these scenarios, private mode protects the Conference, April 23–27, 2018, Lyon, France. ACM, New York, NY, USA, user’s privacy, while the other scenarios encapsulate previously 10 pages. https://doi.org/10.1145/3178876.3186088 documented misconceptions [13, 20] about private mode. 1 INTRODUCTION We found that participants had many misconceptions, including beliefs that private mode would prevent geolocation, protect from Each of the five web browsers widely used today — Chrome, Edge, malware, eliminate advertisements, and prevent tracking by the Firefox, Safari, and Opera — offers a private mode that stops stor- websites visited and network providers. The particular disclosure ing browsing history and caching data across sessions. Unwanted participants saw impacted their misconceptions. Compared to a information from the user’s browsing history will not appear in meaninglessly vague control condition, the current and previous This paper is published under the Creative Commons Attribution 4.0 International Chrome desktop disclosure led participants to answer more sce- (CC BY 4.0) license. Authors reserve their rights to disseminate the work on their narios correctly; no other disclosure we tested had a significant personal and corporate Web sites with the appropriate attribution. effect. Participants who saw certain disclosures were more likely to WWW 2018, April 23–27, 2018, Lyon, France © 2018 IW3C2 (International World Wide Web Conference Committee), published have misconceptions about private mode’s impact on specific sce- under Creative Commons CC BY 4.0 License. narios: targeted advertising, the persistence of lists of downloaded ACM ISBN 978-1-4503-5639-8/18/04. files, and tracking by Internet service providers (ISPs), employers, https://doi.org/10.1145/3178876.3186088 WWW 2018, April 23–27, 2018, Lyon, France Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acary, Sascha Fahly, Blase Ur and governments. Phrases used in some disclosures (e.g., “tracking save the list of files downloaded in private mode. All browsers can protection”) appear to contribute to misconceptions. access existing bookmarks in private mode, and new bookmarks While prior work has documented misconceptions about private saved in private mode are available in future sessions [22, 31, 34]. mode, our study is the first to focus on the role browsers’ disclosures Browsers differ somewhat in their private modes. Chrome and play. These disclosures, which users see each time they open a Edge do not save preferences (e.g., pop-up blocking, download loca- new private browsing window, are the main vector for disabusing tions) from private sessions, while Firefox and Opera do. Browsers users of misconceptions that might derive from loaded names like similarly differ in how they handle browser extensions. Edge com- “private browsing mode” and “incognito mode” [24, 39, 48]. While pletely disables extensions, while Firefox and Safari leave them we found that some browsers’ disclosures are better than others, all enabled by default. Chrome and Opera disable extensions by de- disclosures we tested failed to correct important misconceptions. fault, but let users manually enable them. 2 BACKGROUND AND RELATED WORK 2.2 Previously Documented Misconceptions We first summarize features of current browsers’ private modes. We then discuss prior work on misconceptions about private mode To create the browsing scenarios for our study, we gathered mis- and work on privacy communication more broadly. conceptions about private mode previously documented in the academic literature and news media. Two prior user studies have 2.1 Features of Private Browsing focused on misconceptions about private mode. Gao et al. surveyed 200 Mechanical Turk workers, examining qualitatively why partic- All major web browsers include a private mode designed to protect ipants used private browsing modes and what they believed the against local privacy threats with physical access to a machine [1]. modes do [20]. More recently, the search engine DuckDuckGo con- These modes aim to remove local copies of browsing history, tem- ducted a demographically representative sample of 5,710 Americans, porary files, and cookies from a machine. That said, the implemen- documenting seven misconceptions about private browsing [13]. tation of these features is imperfect [1]. Xu et al. demonstrated that Prior work has found that some users incorrectly believe private sophisticated attackers can still gain access to information from pri- mode shields them from tracking by visited websites, online adver- vate sessions [47]. Similarly, Satvat et al. found vulnerabilities that tising companies, the government, and ISPs [13, 20, 24, 27, 39], and enable sophisticated attackers and malware to steal information some are also under the misconception that websites cannot view from private mode [36]. While such attacks are important to overall IP addresses in private mode, thereby preventing geolocation [13]. browser security, they are not the focus of our work. Instead, we Furthermore, some users believe that private mode can control what study how users’ expectations compare to private mode’s intended third parties save [24]. For instance, users may not consider that protections. To determine these intended protections, we examined companies can record browsing histories when users are logged both browser-specific documentation and prior research on private into their accounts, regardless of browsing mode [13, 16]. Users modes. For potential behaviors that were not formally
Recommended publications
  • IN-BROWSER BLITZ LITERATURE REVIEWS 1 Submitted to Meta
    IN-BROWSER BLITZ LITERATURE REVIEWS 1 Submitted to Meta-Psychology. Participate in open peer review by commenting through hypothes.is directly on this preprint. The full editorial process of all articles under review at Meta-Psychology can be found following this link: https://tinyurl.com/mp-submissions You will find this preprint by searching for the first author's name. Writing a Psychological Blitz Literature Review with Nothing but a Browser Bogdan Cocoş1 1Department of Psychology, University of Bucharest Author Note Correspondence regarding this article should be addressed to Bogdan Cocoş, 90 Panduri Road, Sector 5, 050663, Bucharest, Romania. E-mail: [email protected] https://orcid.org/0000-0003-4098-7551 IN-BROWSER BLITZ LITERATURE REVIEWS 2 Abstract The ways so far of writing literature reviews represent valid, but not sufficient, landmarks, connected to the current technological context. In this sense, this article proposes a research method called blitz literature review, as a way to quickly, transparently, and repeatably consult key references in a particular area of interest, seen as a network composed of elements that are indispensable to such a process. The tutorial consists of six steps explained in detail, easy to follow and reproduce, accompanied by publicly available supplementary material. Finally, the possible implications of this research method are discussed, being brought to the fore a general recommendation regarding the optimization of the citizens’ involvement in the efforts and approaches of open scientific research. Keywords: blitz literature review, open access, open science, research methods IN-BROWSER BLITZ LITERATURE REVIEWS 3 Writing a Psychological Blitz Literature Review with Nothing but a Browser Context The term “blitz literature review” refers to an adaptation of the concept of literature review.
    [Show full text]
  • A Usability Study of the Opera Web Browser and Its Contexts of Use
    User Attitudes and Environmental Factors: A Usability Study of the Opera Web Browser and its Contexts of Use Curtis Peterson Nick Bateman Luke Burnett Introduction Information from a usability study on a product can provide beneficial information for a specified group or individual with user problems, ideas for development, and recommendations for the product. Our usability test compares a new option for browsing the web called Opera with the more familiar browsers Internet Explorer (IE) and Netscape. Opera has recently become available in Michigan Technological University’s Center for Computer-Assisted Language Instruction (CCLI); our intentions were to invite CCLI users to take the test and record the data straight from the actual environment. We found seven participants. Dawn Hayden, the director of the CCLI, accepted our proposal to conduct this test; in turn, we promised to provide her with information for further recommendation of the product, in future considerations of CCLI software. The question we want to answer is this: Is Opera initially impressing users as an improvement over existing web browsers? To answer this question, Opera’s aspects of initial attraction for new users must be defined. There are three areas where a new browser must succeed in impressing intended users: · Adaptability of user features · Accessibility of user option preference · Navigability of user interface. Methodology Imagine you are asked to design your “ideal” web browser that will compete on the big market. True, it is not an easy task. So do you think you could just draw a picture of it? What would your options be? We asked a group of users to do just this exercise during this usability test.
    [Show full text]
  • Opera Mini Application for Android
    Opera Mini Application For Android Wat theologized his eternities goggling deathy, but quick-frozen Mohammed never hammer so unshakably. Fain and neverfringillid headline Tyrone sonever lambently. reapplied his proles! Tracie meows his bibulousness underdevelop someplace, but unrimed Ephrayim This application lies in early on this one knows of applications stored securely for example by that? Viber account to provide only be deactivated since then. Opera Mini is a super lightweight browser that loads web pages faster than what every other browser available. Opera Mini Browser Latest News Photos Videos on Opera. The Opera Mini for Android lets you do everything you any to online without wasting your fireplace plan It's stand fast safe mobile web browser that saves you tons of. Analysis of tomorrow with a few other. The mini application for opera android open multiple devices. Just with our site on a view flash drives against sim swap scammers? Thanks for better alternative software included in multitasking is passionate about how do you can browse, including sms charges may not part of mail and features. Other download option for opera mini Hospedajes Mirta. Activating it for you are you want. Opera mini 16 beta android app has a now released and before downloading the read or full review covering all the features here. It only you sign into your web page title is better your computer. The Opera Mini works the tender as tide original Opera for Android This app update features a similar appearance and functionality but thrive now displays Facebook. With google pixel exclusive skin smoothing makeover tool uses of your computer in total, control a light.
    [Show full text]
  • Release Notes (PDF)
    RELEASE NOTES April 2020 Elcomsoft Internet Password Breaker Version 3.10 Elcomsoft Internet Password Breaker instantly extracts passwords, stored forms and AutoComplete information from popular Web browsers and email clients. Obtain individual passwords or export all data in order to build a perfect custom dictionary for password recovery attacks performed with other tools. Summary In this release, Elcomsoft Internet Password Breaker receives an update to add compatibility with the newest addition to the Web browser family. This release introduces support for the latest Chromium-based Microsoft Edge browser for both 32-bit and 64-bit Windows editions. In addition, the tool was updated to support the latest builds of Google Chrome, Opera and Chromium. Essential updates The Chrome update The latest versions of Chrome no longer employ Microsoft DPAPI for protecting stored passwords. Instead, the passwords are protected with industry-standard AES 256 GCM encryption, while DPAPI is only used to protect the vault encryption key. The latest versions of Opera, Chromium, and new Microsoft Edge browsers are based on the same encryption scheme. Elcomsoft Internet Password Breaker 3.10 was updated to support the latest encryption scheme employed in the latest versions of Chromium-based Web browsers. Microsoft Edge (Chromium edition) With Microsoft planning to ship the new Chromium-based Edge browser with every Windows installation, Microsoft Edge can become Chrome’s major competitor. Thanks to using the same engine as Google Chrome, Microsoft is offering a straightforward migration path by importing data including stored passwords in a click of a button. New Elcomsoft Internet Password Breaker 3.10 retrieves user-saved and synchronized passwords from the new Microsoft Edge (Chromium) browser, both 32-bit and 64-bit.
    [Show full text]
  • EDUCATION in CHINA a Snapshot This Work Is Published Under the Responsibility of the Secretary-General of the OECD
    EDUCATION IN CHINA A Snapshot This work is published under the responsibility of the Secretary-General of the OECD. The opinions expressed and arguments employed herein do not necessarily reflect the official views of OECD member countries. This document and any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Photo credits: Cover: © EQRoy / Shutterstock.com; © iStock.com/iPandastudio; © astudio / Shutterstock.com Inside: © iStock.com/iPandastudio; © li jianbing / Shutterstock.com; © tangxn / Shutterstock.com; © chuyuss / Shutterstock.com; © astudio / Shutterstock.com; © Frame China / Shutterstock.com © OECD 2016 You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases and multimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitable acknowledgement of OECD as source and copyright owner is given. All requests for public or commercial use and translation rights should be submitted to [email protected]. Requests for permission to photocopy portions of this material for public or commercial use shall be addressed directly to the Copyright Clearance Center (CCC) at [email protected] or the Centre français d’exploitation du droit de copie (CFC) at [email protected]. Education in China A SNAPSHOT Foreword In 2015, three economies in China participated in the OECD Programme for International Student Assessment, or PISA, for the first time: Beijing, a municipality, Jiangsu, a province on the eastern coast of the country, and Guangdong, a southern coastal province.
    [Show full text]
  • The Browser Privacy Arms Race Which Browsers Actually Protect Your Privacy?
    EDIT IN MASTER The Browser Privacy Arms Race Which Browsers Actually Protect Your Privacy? Andrés Arrieta - Dir of Consumer Privacy Engineering EDIT IN MASTER Who are we? Non-profit that fights for your civil liberties in the digital world. ● Certbot, HTTPS Everywhere, Panopticlick, Privacy Badger... ● AI, Coders Rights, Freedom of Speech, Privacy… We fight for the users EDIT IN MASTER Why does it matter? Browsers are most users’ window the Internet, and most users do not change the defaults. The out of the box window to the Internet defines the defaults for the rights most users enjoy. The Internet should be opt-in and empower users where the default is respecting our rights EDIT IN MASTER Who cares about more relevant ads anyway? So what if they gather some information? EDIT IN MASTER What can third-parties learn from your browser or other sources? ● Age ● Gender ● Race ● Address physical and email ● Location ● Browser ● Device ● Time spent ● What you clicked ● What you hovered ● What you buy online and offline ● Health data EDIT IN MASTER They can learn directly or infer a lot of things from your browsing habits! ● Politics ● Health condition ● Religious beliefs ● Sexual orientation ● Hobbies and interests ● Personality ● Where you are going ● Who you know and who you’ve met EDIT IN MASTER What can they do with it? ● Marketing for more “relevant” ads (That you probably learned to ignore) ● Decide what you see from your friends ● Decide what news and which outlets you see ● Decide what you should interact with (what has more engagement)
    [Show full text]
  • Browser Requirements & Recommended
    Browser Requirements & Recommended System Settings Arena applications are designed to work with the latest standards-compliant browsers. Updated for Arena Fall 2021 Arena 1 Arena Arena Arena Browser 4 4 4 Supported Validated FileDrop PartsList Exchange Mozilla Firefox Latest2 l l l l Microsoft Edge Latest2 l l l l l Microsoft 11 l l l l l Internet Explorer Google Chrome Latest2 l l l l l Apple Safari3 l Apple Mobile Safari Opera For each of its applications, Arena certifies web browsers as either “supported,” “validated,” or “unsupported.” The meaning of each classification is as follows: Supported browsers are those that Arena believes comply with any and all web standards that are required for an application to work correctly, though Arena itself does not test the application with all supported browsers on a formal, ongoing basis. However, if we or our users identify a blocking functional or cosmetic problem that occurs when using the application with a supported browser, Arena makes efforts to correct the problem on a timely basis. If a problem with a supported browser cannot be corrected in a timely fashion, Arena reclassifies the browser as unsupported until the problem is resolved. Validated browsers are those upon which Arena has executed the validation protocol for the Arena application. The execution record is available to our customers through Arena Validate. Unsupported browsers are those with which an application may or may not work properly. If a functional or serious cosmetic problem occurs when using the application with an unsupported browser, Arena does not make any effort to correct the problem.
    [Show full text]
  • Maelstrom Web Browser Free Download
    maelstrom web browser free download 11 Interesting Web Browsers (That Aren’t Chrome) Whether it’s to peruse GitHub, send the odd tweetstorm or catch-up on the latest Netflix hit — Chrome’s the one . But when was the last time you actually considered any alternative? It’s close to three decades since the first browser arrived; chances are it’s been several years since you even looked beyond Chrome. There’s never been more choice and variety in what you use to build sites and surf the web (the 90s are back, right?) . So, here’s a run-down of 11 browsers that may be worth a look, for a variety of reasons . Brave: Stopping the trackers. Brave is an open-source browser, co-founded by Brendan Eich of Mozilla and JavaScript fame. It’s hoping it can ‘save the web’ . Available for a variety of desktop and mobile operating systems, Brave touts itself as a ‘faster and safer’ web browser. It achieves this, somewhat controversially, by automatically blocking ads and trackers. “Brave is the only approach to the Web that puts users first in ownership and control of their browsing data by blocking trackers by default, with no exceptions.” — Brendan Eich. Brave’s goal is to provide an alternative to the current system publishers employ of providing free content to users supported by advertising revenue. Developers are encouraged to contribute to the project on GitHub, and publishers are invited to become a partner in order to work towards an alternative way to earn from their content. Ghost: Multi-session browsing.
    [Show full text]
  • Private Browsing
    Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor, Carnegie Mellon University https://www.usenix.org/conference/soups2018/presentation/habib-prying This paper is included in the Proceedings of the Fourteenth Symposium on Usable Privacy and Security. August 12–14, 2018 • Baltimore, MD, USA ISBN 978-1-939133-10-6 Open access to the Proceedings of the Fourteenth Symposium on Usable Privacy and Security is sponsored by USENIX. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor Carnegie Mellon University {htq, jcolnago, vidyag, spearman, thomasjm, acquisti, nicolasc, lorrie}@andrew.cmu.edu ABSTRACT Prior user studies have examined different aspects of private Previous research has suggested that people use the private browsing, including contexts for using private browsing [4, browsing mode of their web browsers to conduct privacy- 10, 16, 28, 41], general misconceptions of how private brows- sensitive activities online, but have misconceptions about ing technically functions and the protections it offers [10,16], how it works and are likely to overestimate the protections and usability issues with private browsing interfaces [41,44]. it provides. To better understand how private browsing is A major limitation of much prior work is that it is based used and whether users are at risk, we analyzed browsing on self-reported survey data, which may not always be reli- data collected from over 450 participants of the Security able.
    [Show full text]
  • Web Browser Pioneer Backs New Way to Surf Internet (Update 2) 7 November 2010, by MICHAEL LIEDTKE , AP Technology Writer
    Web browser pioneer backs new way to surf Internet (Update 2) 7 November 2010, By MICHAEL LIEDTKE , AP Technology Writer (AP) -- The Web has changed a lot since Marc Facebook's imprint also is all over RockMelt, Andreessen revolutionized the Internet with the although the two companies' only business introduction of his Netscape browser in the connection so far is Andreessen. He also serves on mid-1990s. That's why he's betting people are Facebook's board of directors. ready to try a different Web-surfing technique on a new browser called RockMelt. RockMelt only works if you have a Facebook account. That restriction still gives RockMelt plenty The browser, available for the first time Monday, is of room to grow, given Facebook has more than built on the premise that most online activity today 500 million users. revolves around socializing on Facebook, searching on Google, tweeting on Twitter and After Facebook users log on RockMelt with their monitoring a handful of favorite websites. It tries to Facebook account information, the person's minimize the need to roam from one website to the Facebook profile picture is planted in the browser's next by corralling all vital information and favorite left hand corner and a list of favorite friends can be services in panes and drop-down windows. displayed in the browser's left hand pane. There's also a built-in tool for posting updates in a pop-up "This is a chance for us to build a browser all over box. again," Andreessen said. "These are all things we would have done (at Netscape) if we had known The features extend beyond Facebook and Twitter.
    [Show full text]
  • Surfing on an Interactive Kiosk
    Surfing on an Interactive Kiosk Leon Anavi Konsulko Group [email protected] [email protected] Yocto Project Summit 2021 Konsulko Group Services company specializing in Embedded Linux and Open Source Software Hardware/software build, design, development, and training services Based in San Jose, CA with an engineering presence worldwide http://konsulko.com/ Yocto Project Summit 2021, Leon Anavi, Surfing on an Interactive Kiosk Agenda Using web browsers for an interactive kiosk Openbox and Surf Building an image Conclusions Q&A Yocto Project Summit 2021, Leon Anavi, Surfing on an Interactive Kiosk Web Browser Market Share Yocto Project Summit 2021, Leon Anavi, Surfing on an Interactive Kiosk Yocto/OE Layer for Mainstream Web Browsers meta-browser https://github.com/OSSystems/meta-browser Available in GitHub under MIT license Sub-layer with recipes for Chromium Sub-layer with recipes for Firefox Yocto Project Summit 2021, Leon Anavi, Surfing on an Interactive Kiosk Surf Web Browser Minimalist web browser No graphical control elements Controlled via keyboard shortcuts or external tools Based on WebKit2/GTK+ Developed by suckless.org Initial release in 2009 Available under MIT License Yocto Project Summit 2021, Leon Anavi, Surfing on an Interactive Kiosk Surf in meta-openembedded/meta-oe Yocto Project Summit 2021, Leon Anavi, Surfing on an Interactive Kiosk Surf Web Browser Requirements: Requires X11 and OpenGL Depends on WebKitGTK, GTK+ 3, glib-2.0 and gcr WebKitGTK is a full-featured port of the WebKit2 rendering
    [Show full text]
  • Security Analysis of Firefox Webextensions
    6.857: Computer and Network Security Due: May 16, 2018 Security Analysis of Firefox WebExtensions Srilaya Bhavaraju, Tara Smith, Benny Zhang srilayab, tsmith12, felicity Abstract With the deprecation of Legacy addons, Mozilla recently introduced the WebExtensions API for the development of Firefox browser extensions. WebExtensions was designed for cross-browser compatibility and in response to several issues in the legacy addon model. We performed a security analysis of the new WebExtensions model. The goal of this paper is to analyze how well WebExtensions responds to threats in the previous legacy model as well as identify any potential vulnerabilities in the new model. 1 Introduction Firefox release 57, otherwise known as Firefox Quantum, brings a large overhaul to the open-source web browser. Major changes with this release include the deprecation of its initial XUL/XPCOM/XBL extensions API to shift to its own WebExtensions API. This WebExtensions API is currently in use by both Google Chrome and Opera, but Firefox distinguishes itself with further restrictions and additional functionalities. Mozilla’s goals with the new extension API is to support cross-browser extension development, as well as offer greater security than the XPCOM API. Our goal in this paper is to analyze how well the WebExtensions model responds to the vulnerabilities present in legacy addons and discuss any potential vulnerabilities in the new model. We present the old security model of Firefox extensions and examine the new model by looking at the structure, permissions model, and extension review process. We then identify various threats and attacks that may occur or have occurred before moving onto recommendations.
    [Show full text]